def get_many(offset=None, limit=None):
    """Return users as dicts, most recently registered first.

    ``offset`` and ``limit`` are handed unchanged to ``slice``, which is
    presumably a project helper shadowing the builtin (a builtin ``slice``
    object could not be iterated below) -- TODO confirm.
    """
    with get_session() as s:
        newest_first = s.query(User).order_by(User.registration_date.desc())
        page = slice(newest_first, offset, limit)
        # NOTE(review): the output is whatever User.as_dict() exposes; confirm
        # it leaves out the password hash and cookie_id held on User.
        return [user.as_dict() for user in page]
def create(name):
    """Create a tag called ``name``; abort with 409 when the name is taken."""
    with get_session() as s:
        duplicate = s.query(Tag).filter_by(name=name).first()
        if duplicate:
            abort(409, 'Tag with this name already exists')
        # NOTE(review): look-up and insert are separate statements, so two
        # concurrent calls can both pass the check; confirm Tag.name carries a
        # unique constraint in the schema.
        s.add(Tag(name=name))
def delete(name):
    """Delete the tag called ``name``; abort with 404 when it does not exist."""
    with get_session() as s:
        tag = s.query(Tag).filter_by(name=name).first()
        if tag is None:
            abort(404, 'Tag not found')
        # Empty every relationship of the tag before deleting the row itself.
        # One list object is shared by the three assignments, as before.
        detached = []
        tag.posts = detached
        tag.users_tags = detached
        tag.users_interests = detached
        s.delete(tag)
def delete_avatar(u_id):
    """Delete the avatar row of user ``u_id`` and remove its stored file.

    Aborts with 404 when the user has no avatar row.
    """
    with get_session() as s:
        avatar = s.query(Avatar).filter_by(u_id=u_id).first()
        if avatar is None:
            abort(404, 'Avatar not found')
        s.delete(avatar)
        # The file name is rebuilt from the user id and the extension stored on
        # the row -- the same scheme update_avatar() uses when saving.
        stored_name = f'avatar{u_id}.{avatar.ext}'
        files.remove(stored_name, config.avatars)
def get_avatar(u_id):
    """Return the path of user ``u_id``'s avatar file, or None without one.

    Aborts with 404 (via ``User.get_or_404``) when the user is not found.
    """
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        avatar = user.avatar
        if avatar is None:
            return None
        # NOTE(review): the path embeds avatar.ext as stored; this presumes the
        # extension was vetted when the avatar was saved -- confirm.
        return join(config.avatars.DIRECTORY, f'avatar{u_id}.{avatar.ext}')
def update_role(u_id, role):
    """Set the access level of user ``u_id`` to ``USER_ACCESS[role]``.

    Aborts with 409 when the user already has that access level. A ``role``
    that is not a key of ``USER_ACCESS`` fails on the lookup itself.
    """
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        requested = USER_ACCESS[role]
        if user.access == requested:
            abort(409, 'User already has that role')
        # NOTE(review): nothing here checks who is making the change;
        # presumably the calling route restricts it to privileged users --
        # confirm, since this is a privilege grant.
        user.access = requested
def self_delete(u_id, password):
    """Mark user ``u_id`` as deleted after re-checking their password.

    Aborts with 422 when ``password`` does not match the stored bcrypt hash.
    """
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(user.password).encode('utf-8')
        if not bcrypt.checkpw(supplied, stored_hash):
            abort(422, 'Invalid password')
        # cookie_id is left as it is; user_loader() only returns users whose
        # status is 'active', so the old cookie stops resolving once the
        # status changes.
        user.status = 'deleted'
def close_all_sessions(u_id, password):
    """Give user ``u_id`` a fresh ``cookie_id`` after re-checking the password.

    Aborts with 422 when ``password`` does not match the stored bcrypt hash.
    Returns the user object.
    """
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(user.password).encode('utf-8')
        if not bcrypt.checkpw(supplied, stored_hash):
            abort(422, 'Invalid password')
        # user_loader() matches on cookie_id, so replacing it means cookies
        # carrying the previous value no longer resolve to this user.
        user.cookie_id = uuid.uuid4()
        return user
def update(name, new_name):
    """Rename the tag ``name`` to ``new_name``.

    Aborts with 409 when ``new_name`` is already taken (checked first) and
    with 404 when no tag called ``name`` exists.
    """
    with get_session() as s:
        clash = s.query(Tag).filter_by(name=new_name).first()
        if clash:
            abort(409, 'Tag with this name already exists')
        tag = s.query(Tag).filter_by(name=name).first()
        if tag is None:
            abort(404, 'Tag not found')
        tag.name = new_name
def update_avatar(u_id, file):
    """Store ``file`` as the avatar of user ``u_id``, replacing any old one."""
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        if user.avatar:
            # delete_avatar() opens its own session to drop the old row and file.
            delete_avatar(u_id)
        # The extension is derived from the uploaded file's own name.
        # NOTE(review): this presumes files.get_ext()/files.save() restrict it
        # to an allow-list and reject path separators -- confirm, because the
        # value becomes part of the stored file name.
        extension = files.get_ext(file.filename)
        files.save(file, f'avatar{u_id}.{extension}', config.avatars)
        s.add(Avatar(u_id=u_id, ext=extension))
def get(c_id):
    """Return comment ``c_id`` as a dict.

    A comment on a closed ``Question`` is only returned to callers with
    'expert' access or to the question's owner; anyone else gets a 403.
    """
    with get_session() as s:
        comment = Comment.get_or_404(s, c_id)
        post = comment.post
        # Checks stay in their original short-circuit order, so the access
        # level and the owner id are only consulted for a closed Question.
        if isinstance(post, Question) and post.closed:
            if (not current_user.has_access('expert')
                    and post.u_id != current_user.id):
                abort(403)
        return comment.as_dict()
def delete(c_id):
    """Soft-delete comment ``c_id`` and decrement the related counters.

    Only a moderator or the comment's author may do this; others get a 403.
    """
    with get_session() as s:
        comment = Comment.get_or_404(s, c_id)
        if not current_user.has_access('moderator'):
            if comment.u_id != current_user.id:
                abort(403)
        # NOTE(review): the counters drop on every call; this presumes
        # Comment.get_or_404 does not return comments that are already
        # 'deleted' -- confirm, or repeated calls would under-count.
        comment.post.comment_count -= 1
        comment.author.comment_count -= 1
        comment.status = 'deleted'
def ban_user(u_id):
    """Set the status of user ``u_id`` to 'banned'.

    Aborts with 403 when the target has 'moderator' access or the caller does
    not, and with 409 when the target is already banned.
    """
    with get_session() as s:
        target = User.get_or_404(s, u_id)
        target_is_staff = target.has_access('moderator')
        if target_is_staff or not current_user.has_access('moderator'):
            abort(403)
        if target.status == 'banned':
            abort(409, 'User has already banned')
        # cookie_id is not rotated here; user_loader() only returns users
        # whose status is 'active', which is what cuts existing sessions off.
        target.status = 'banned'
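def update(c_id, text):
    """Replace the text of comment ``c_id``.

    Aborts with 403 unless the caller is a moderator or the comment's author.
    Also aborts with 403 when the comment sits on a closed ``Question`` and
    the caller is neither a moderator nor that question's owner. Aborts with
    422 when ``text`` is empty.
    """
    with get_session() as s:
        comment = Comment.get_or_404(s, c_id)
        is_moderator = current_user.has_access('moderator')
        # Ownership check, matching the rule delete() applies to comments.
        # Without it any caller could rewrite another user's comment on every
        # post that is not a closed Question.
        if not is_moderator and comment.u_id != current_user.id:
            abort(403)
        post = comment.post
        if (isinstance(post, Question) and post.closed
                and not is_moderator and post.u_id != current_user.id):
            abort(403)
        if not text:
            abort(422, 'Comment text should not be empty')
        comment.text = text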
def reset_password(email):
    """Replace an active user's password with a random one and e-mail it.

    Aborts with 404 when no active user has this e-mail address.
    """
    with get_session() as s:
        account = s.query(User).filter(
            User.email == email, User.status == 'active').one_or_none()
        if not account:
            # NOTE(review): the 404 tells the caller whether the address
            # belongs to an active account.
            abort(404, 'Invalid user')
        # NOTE(review): confirm util.random_string_digits draws from a CSPRNG
        # (e.g. ``secrets``); its implementation is not visible here.
        plaintext = util.random_string_digits(20)
        hashed = bcrypt.hashpw(str(plaintext).encode('utf-8'), bcrypt.gensalt())
        account.password = hashed.decode('utf-8')
        # Rotating cookie_id drops the sessions issued before the reset.
        account.cookie_id = uuid.uuid4()
        # NOTE(review): the new password travels by e-mail in clear text, and
        # nothing in this function proves the requester owns the address;
        # presumably the route rate-limits this -- confirm.
        util.send_reset_email(email, plaintext)
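def confirm_user(confirmation_link):
    """Activate the unconfirmed user that owns ``confirmation_link``.

    Aborts with 404 when no user has this link and with 409 when the user is
    in any status other than 'unconfirmed'. Returns normally on success.
    """
    with get_session() as s:
        user = s.query(User).filter(
            User.confirmation_link == confirmation_link).one_or_none()
        # The original had no ``else`` in front of the 404 abort, so depending
        # on its indentation the abort either also ran after a successful
        # confirmation or never ran for an unknown link. Guard clauses make
        # each outcome explicit.
        if not user:
            abort(404, 'No user with this confirmation link')
        if user.status != 'unconfirmed':
            abort(
                409, 'User is currently confirmed by '
                'this link or can\'t be confirmed')
        user.status = 'active'
        logging.info('User [%s] is confirmed', user.email)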
def pre_login(email, password):
    """Return the user for ``email`` once ``password`` has been verified.

    Aborts with 404 for an unknown or deleted account, 409 for a banned one
    and 422 when the password does not match the stored bcrypt hash.
    """
    with get_session() as s:
        account = s.query(User).filter(User.email == email).one_or_none()
        if not account or account.status == 'deleted':
            abort(404, 'User not found')
        if account.status == 'banned':
            abort(409, 'Trying to login banned user!')
        # NOTE(review): the 404 and 409 answers are given before the password
        # is checked, so a caller without credentials can tell unknown, banned
        # and existing accounts apart.
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')
        if not bcrypt.checkpw(supplied, stored_hash):
            abort(422, 'Invalid password')
        return account
def change_password(u_id, old_password, new_password):
    """Change the password of user ``u_id`` and rotate their ``cookie_id``.

    Aborts with 422 when ``old_password`` does not match the stored hash, or
    when ``new_password`` matches it too. Returns the user object.
    """
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        current = str(old_password).encode('utf-8')
        replacement = str(new_password).encode('utf-8')
        stored_hash = str(user.password).encode('utf-8')
        if not bcrypt.checkpw(current, stored_hash):
            abort(422, 'Invalid password')
        # Checking the new password against the old hash detects re-use.
        if bcrypt.checkpw(replacement, stored_hash):
            abort(422, 'Old and new passwords are equal')
        new_hash = bcrypt.hashpw(replacement, bcrypt.gensalt())
        user.password = new_hash.decode('utf-8')
        # A new cookie_id drops the sessions opened with the old password.
        user.cookie_id = uuid.uuid4()
        return user
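def update(u_id, new_data):
    """Apply the fields in ``new_data`` to user ``u_id``.

    Only the user themselves or a moderator may call this (403 otherwise).
    'tags' may only be changed by a moderator; 'tags' and 'interests' are
    resolved to ``Tag`` rows by name. Every other key is written as an
    attribute of the user, except the credential and privilege attributes
    listed below, which are rejected with 403.
    """
    # Attributes that this file changes only through dedicated flows
    # (change_password, update_role, ban_user, close_all_sessions,
    # confirm_user). Without this guard the generic setattr() below would let
    # a caller overwrite them directly and skip the checks those flows make.
    protected = frozenset({
        'id', 'password', 'access', 'status', 'cookie_id',
        'confirmation_link',
    })
    with get_session() as s:
        u = User.get_or_404(s, u_id)
        is_moderator = current_user.has_access('moderator')
        if u_id != current_user.id and not is_moderator:
            abort(403)
        for param, value in new_data.items():
            # Underscore-prefixed names are refused too, so internal
            # attributes of the object cannot be reached either.
            if param in protected or str(param).startswith('_'):
                abort(403, 'This field cannot be changed here')
            if param == 'tags':
                if not is_moderator:
                    abort(403, 'You cant change tags')
                u.tags = s.query(Tag).filter(Tag.name.in_(value)).all()
            elif param == 'interests':
                u.interests = s.query(Tag).filter(Tag.name.in_(value)).all()
            else:
                # NOTE(review): keys are presumably schema-validated by the
                # caller; an explicit allow-list of editable fields would be
                # stronger than this deny-list -- confirm the intended set.
                setattr(u, param, value)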
def register_user(data):
    """Register a user from ``data`` or re-activate a deleted account.

    Reads ``data['email']``, ``['password']``, ``['name']`` and
    ``['surname']``. Aborts with 409 when the e-mail belongs to a banned or
    otherwise existing account. Sends the confirmation e-mail when
    ``config.DEFAULT_USER_STATUS`` is 'unconfirmed'.
    """
    with get_session() as s:
        existing = s.query(User).filter(
            User.email == data['email']).one_or_none()

        # Draw confirmation links until one is not yet assigned to a user.
        confirmation_link = nanoid.generate(size=50)
        while s.query(User).filter(
                User.confirmation_link == confirmation_link).one_or_none():
            confirmation_link = nanoid.generate(size=50)

        password_hash = bcrypt.hashpw(
            str(data['password']).encode('utf-8'),
            bcrypt.gensalt()).decode('utf-8')

        if not existing:
            existing = User(email=data['email'],
                            name=data['name'],
                            surname=data['surname'],
                            password=password_hash,
                            confirmation_link=confirmation_link)
            s.add(existing)
        elif existing.status == 'deleted':
            # Re-use the deleted row under the new credentials.
            # NOTE(review): cookie_id is not rotated on this path; if
            # DEFAULT_USER_STATUS is 'active', a cookie issued before the
            # account was deleted would presumably resolve again through
            # user_loader() -- confirm.
            existing.password = password_hash
            existing.name = data['name']
            existing.surname = data['surname']
            existing.status = config.DEFAULT_USER_STATUS
            existing.confirmation_link = confirmation_link
        elif existing.status == 'banned':
            abort(409, 'User with this email was banned')
        else:
            abort(409, 'Trying to register existing user')

        if config.DEFAULT_USER_STATUS == 'unconfirmed':
            util.send_email(data['email'], confirmation_link)
        logging.info('Registering new user [{}]'.format(data['email']))
def validate_tags(tag_names):
    """Abort with 422 unless ``tag_names`` matches existing tag names exactly.

    The comparison is made on sorted lists, so a name repeated in
    ``tag_names`` also fails the check.
    """
    with get_session() as s:
        matched = s.query(Tag).filter(Tag.name.in_(tag_names)).all()
        known_names = sorted(tag.name for tag in matched)
        if sorted(tag_names) != known_names:
            abort(422, 'Wrong tags')
def user_loader(cookie_id):
    """Return the active user whose ``cookie_id`` matches, or None.

    Users in any status other than 'active' are never returned, so a changed
    status or a rotated ``cookie_id`` stops an existing cookie from
    resolving to the account.
    """
    with get_session() as s:
        active_match = s.query(User).filter(
            User.cookie_id == cookie_id, User.status == 'active')
        return active_match.one_or_none()
def get(u_id):
    """Return user ``u_id`` as a dict; 404 via ``User.get_or_404`` if absent."""
    with get_session() as s:
        user = User.get_or_404(s, u_id)
        # NOTE(review): confirm User.as_dict() leaves out the password hash
        # and cookie_id before this dict goes to a client.
        return user.as_dict()
def get_many():
    """Return the names of all tags as a list."""
    with get_session() as s:
        names = []
        for tag in s.query(Tag).all():
            names.append(tag.name)
        return names